CN106357595A - Encryption method and encryption system based on SIM card - Google Patents
Encryption method and encryption system based on SIM card Download PDFInfo
- Publication number
- CN106357595A CN106357595A CN201510437255.9A CN201510437255A CN106357595A CN 106357595 A CN106357595 A CN 106357595A CN 201510437255 A CN201510437255 A CN 201510437255A CN 106357595 A CN106357595 A CN 106357595A
- Authority
- CN
- China
- Prior art keywords
- terminal unit
- application server
- key
- response value
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
Abstract
The invention provides an encryption method based on an SIM card. The encryption method based on the SIM card is suitable for data communication between terminal equipment and an application server, terminal equipment is provided with the SIM card, a Ki value in the SIM card is stored in a home location register, and the home location register and the application server are positioned in a local area network. The method comprises the following steps: calculating symbol response values by using the terminal equipment and the home location register on the basis of a first random number and the Ki value in the SIM card respectively; and transmitting the symbol response values to the application server by the home location register through an internal network so that the symbol response values are used for encrypting the terminal equipment and the application server.
Description
Technical field
The present invention relates to a kind of network encryption technique, more particularly, to a kind of encryption method based on sim card and
Encryption system.
Background technology
With the development of the Internet, by network transmission data, shared information become daily communication for information with
One indispensable approach of transmission, for ensureing the safety in data transfer procedure, existing at present multiple to transmission
The Method and kit for that data is encrypted, most importantly has following two classes:
Using asymmetric public private key pair cipher mode, this main b2c or the application of ecommerce class are using more.
Client sends service end to using the public key encryption data of service end, and service end is untied i.e. permissible using private key
Obtain in plain text.Ciphertext data is stolen in network transmission and also cannot decipher, and reason is the data of public key encryption
Can only decipher private key, and private key knows do not have otherwise to know except service end.Certainly, if service end
Need actively to transmit ciphertext to client, this kind of scheme has some limitation.Normal conditions, now need to tie
Close symmetric key system, that is, or client produces an interim session key, by public key encryption
Pass to service end after this key, obtain this session key after the deciphering of service end private key, hereafter can adopt this meeting
Words key encrypts any data to client.
Using symmetric key system cipher mode.Due to needing to adhere to a basic principle, key plain itself
Can not in transmission over networks, and if having ready conditions key also without departing from special key storage media,
Therefore, the chip often needing key storage and computing in this way in client, typically sam are adopted
Card.In terminal unit sam card, the key of storage is often to store key according to sam card only in service end
One uid scattered next stage key.
Content of the invention
The brief overview of one or more aspect given below is to provide the basic comprehension to these aspects.This is general
State the extensive overview of the not all aspect contemplating, and be both not intended to identify the key of all aspects
Or the decisive key element also non-scope attempting to define any or all aspect.Its unique purpose is intended to simplify
Some concepts that form provides one or more aspects think the sequence of more detailed description given later.
According to an aspect of the present invention, there is provided a kind of encryption method based on sim card is it is adaptable to terminal
Data communication between equipment and application server, this terminal unit is furnished with sim card, attaching position register
In the ki value that is stored with this sim card and being in LAN with this application server, the method includes:
This terminal unit and this attaching position register are based respectively on the ki in the first random number and this sim card
Value calculates symbol response value;And
This attaching position register sends this symbol response value to this application server by Intranet, thus should
This symbol response value is used by terminal unit and this application server as encryption.
In one example, the method also includes: this terminal unit and this application server use this symbol response
Value carries out mutual legitimacy certification as certification key.
In one example, this terminal unit and this application server are used this symbol response value as certification key
Carry out mutual legitimacy certification to include:
This application server is random to be received from this terminal unit second using this local symbol response value
Number is encrypted, and the ciphertext data back after encryption is given this terminal unit, and
This terminal unit is using this local symbol response value to the ciphertext data being received from this application server
It is decrypted, if the data that deciphering obtains is identical with this second random number, this application of this terminal device authentication
Server is legal, otherwise for illegal;And/or
This terminal unit is random to be received from this application server the 3rd using this local symbol response value
Number is encrypted, and the ciphertext data back after encryption is given this application server, and
This application server is using this local symbol response value to the ciphertext data being received from this terminal unit
It is decrypted, if the data that deciphering obtains is identical with the 3rd random number, this end of this application server certification
End equipment is legal, otherwise for illegal.
In one example, the method also includes: be mutually authenticated legal after, this application server and this eventually
End equipment is used this symbol response value to obtain sub-key for use as session of both sides as female key respectively
Session key.
In one example, this application server and this terminal unit are used this symbol response value close as mother respectively
Key obtains sub-key and includes:
This terminal unit generates the 5th random number and is used the 5th random number as dispersion factor to as mother
This symbol response value execution dispersion of key calculates to obtain this sub-key, and
This application server is used the 5th random number being received from this terminal unit as dispersion factor to work
This symbol response value execution dispersion for female key calculates to obtain this sub-key;Or
This application server generates the 6th random number and is used the 6th random number as dispersion factor to conduct
This symbol response value execution dispersion of female key calculates to obtain this sub-key, and
This terminal unit is used the 6th random number being received from this application server as dispersion factor to work
This symbol response value execution dispersion for female key calculates to obtain this sub-key.
In one example, the method also includes: this application server sends key to this attaching position register
Request;In response to this key request, this attaching position register generates this first random number and sends this end to
End equipment.
In one example, the method also includes: this attaching position register passes through Intranet by this terminal unit
Sim card user number sends this application server to;This application server distributes dynamic ip for this terminal unit
This dynamic ip address is simultaneously associated by address with this sim card user number;And in the networking of this terminal unit
When, this application server searches out associated dynamic ip based on the sim card user number of this terminal unit
Address simultaneously searches this terminal unit.
In one example, the method also includes: if this terminal unit failed cluster, this application server is based on
This sim card user number sends short-message instruction to this terminal unit so that this terminal unit is networked.
According to a further aspect in the invention, there is provided a kind of encryption system based on sim card, comprising:
Terminal unit, this terminal unit is equipped with sim card, and includes symbol response value computing module;
Attaching position register, the ki value being stored with this attaching position register in this sim card, and
Including response value computing module;And
Application server, this application server is in the interior of same WLAN with this attaching position register
In net,
The symbol response value computing module of wherein this terminal unit and this attaching position register is respectively used to base
Ki value in the first random number and this sim card calculates symbol response value, and this attaching position register passes through
Intranet sends this symbol response value to this application server, thus this terminal unit will with this application server
This symbol response value is used as encryption.
In one example, this terminal unit and this application server are used this symbol response value as certification key
Carry out mutual legitimacy certification.
In one example, this application server includes encrypting module, for using this local symbol response
Value is encrypted to the second random number being received from this terminal unit, and the ciphertext data after encryption passes back to this
Terminal unit, this terminal unit also includes deciphering module, for using local this symbol response value docking
Receive and be decrypted from the ciphertext data of this application server, if deciphering the data obtaining and this second random number phase
With then this application server of this terminal device authentication is legal, otherwise for illegal;And/or
This terminal unit includes encrypting module, for being answered to being received from this using this local symbol response value
It is encrypted with the 3rd random number of server, the ciphertext data after encryption passes back to this application server,
This application server also includes deciphering module, for using this local symbol response value to being received from
The ciphertext data of this terminal unit is decrypted, if the data that deciphering obtains is identical with the 3rd random number,
This this terminal unit of application server certification is legal, otherwise for illegal.
In one example, this terminal unit and this application server respectively further comprise session-key computation module,
For being used this symbol response value to obtain sub-key for use as session of both sides as female key respectively
Session key.
In one example, this terminal unit also includes randomizer, for generating the 5th random number,
The session-key computation module of this terminal unit is used for being used the 5th random number as dispersion factor to conduct
This symbol response value execution dispersion of female key calculates to obtain this sub-key, and
The session-key computation module of this application server is received from the 5th of this terminal unit for using
Random number calculates to obtain this son to this symbol response value execution dispersion as female key as dispersion factor
Key;Or
This application server also includes randomizer, for generating the 6th random number, this application service
The session-key computation module of device is used for being used the 6th random number as dispersion factor to as female key
The execution dispersion of this symbol response value calculates to obtain this sub-key, and
The session-key computation module of this terminal unit is received from the 6th of this application server for using
Random number calculates to obtain this son to this symbol response value execution dispersion as female key as dispersion factor
Key.
In one example, this attaching position register also includes randomizer, in response to being derived from
The key request of this application server, generates this first random number, to send this terminal unit to.
In one example, this application server also includes: ip address assignment module, for setting for this terminal
Back-up joins dynamic ip address;Associative cell module, for by this dynamic ip address be received from this ownership position
The sim card user number putting this terminal unit of depositor is associated;And searching modul, should for being based on
The sim card user number of terminal unit searches out associated dynamic ip address and searches this terminal unit.
In one example, if this terminal unit failed cluster, this application server is based on this sim card user
Number sends short-message instruction to this terminal unit so that this terminal unit is networked
Brief description
After reading the detailed description of embodiment of the disclosure in conjunction with the following drawings, better understood when this
The features described above of invention and advantage.In the accompanying drawings, each assembly is not necessarily drawn to scale, and has class
As the assembly of correlation properties or feature be likely to be of same or like reference.
Fig. 1 shows the block diagram of the encryption system based on sim card according to an aspect of the present invention;
Fig. 2 shows the block diagram of terminal unit according to an aspect of the present invention;
Fig. 3 shows the block diagram of attaching position register according to an aspect of the present invention;
Fig. 4 shows the block diagram of application server according to an aspect of the present invention;
Fig. 5 shows the block diagram of the encryption method based on sim card according to an aspect of the present invention.
Symbol description:
100: encryption system
110: terminal unit 111: symbol response value computing module 112: encrypting module
113: deciphering module 114: randomizer 115: session-key computation module
120: attaching position register 121: symbol response value computing module 122: randomizer
123: memorizer
130: application server 131: encrypting module 132: deciphering module 133: randomizer
134: session-key computation module 135:ip address assignment module 136: relating module
137: searching modul 138: memorizer
Specific embodiment
Below in conjunction with the drawings and specific embodiments, the present invention is described in detail.Note, below in conjunction with accompanying drawing and
The aspects of specific embodiment description is only exemplary, and is understood not to protection scope of the present invention
Carry out any restriction.
Current encryption technology, being limited in that if service end needs of asymmetric public private key pair cipher mode
Actively transmit ciphertext to client, then normal conditions, now need with reference to symmetric key system.But it is symmetrical
Key code system cipher mode often needs the chip of key storage and computing, typically sam in client
Card.
In the present invention, in the client sim card is installed, due to the ki (key identifier) of sim card
Value has been saved in attaching position register when sim card is registered, based on mobile communication principle, client
End and attaching position register all can calculate symbol response value (sres) according to ki value.Attaching position register
Again the symbol response calculating value is sent to the application server in same LAN by Intranet, now,
Client and application server then can carry out follow-up encryption using this symbol response value and be used.Due to symbol
Response value is only propagated in the Intranet with application server for the attaching position register, therefore, does not have stolen
The risk taking.
The present invention passes through to install sim card on client terminal device additional, is made using the sres in mobile communication technology
For the key of data encryption, using current conventional encryption algorithm, there is provided a kind of new data encryption system
And method.Because sres is non-public transmission data, therefore improve the safety of encryption data.
The specific embodiment of the present invention to be described below in conjunction with accompanying drawing.
Fig. 1 shows the block diagram of the encryption system 100 based on sim card according to an aspect of the present invention.
As shown in figure 1, this encryption system 100 may include terminal unit 110, attaching position register 120 and
Application server 130.
Terminal unit 110 can be the equipment being provided with sim card.In form, terminal unit 110 can
To be the mobile devices such as smart phone, pda, net book, notebook computer or such as platform
The non-mobile devices such as formula machine, Set Top Box, intelligent television.It is known that store one in each sim card
Individual ki value, this ki is just to burn into sim card with special process when fabrication, by 32 hexadecimals
Character composition, such as d17f20239eedbe1520f64a851f3c44c9, if each character enters with two
Tabulation is shown, then length is 128.
Attaching position register (home location register, hlr) 120 includes a responsible movement
The data base of user management, stores positional information, the business of all mobile subscribers in this hlr signing
The information such as data, account management, and the inquiry to customer position information and modification can be provided in real time, and real
Existing all kinds of business operations, including location updating, call treatment, authentication and supplementary service etc., complete mobile logical
The mobile management of user in letter net.For example, when the sim of terminal unit 110 is stuck in and opens an account, this sim
The user profile such as the ki value in the Subscriber Number of card, this sim card are just saved to attaching position register 120
In.
Application server 130 is to provide cloud service function and correlation to need backstage to coordinate for terminal unit 110
Value-added service operation system.Need by public network between application server 130 and terminal unit 110
Network enters row data communication.Application server 130 and attaching position register 120 are in LAN.For example,
Application server 130 can be the application server of the commmunication company oneself providing Information Mobile Service.
For example, application server 130 can be communicated by wired mode with attaching position register 120.
Communication between application server 130 and attaching position register 120 is so be interior Network Communication.Due to being interior
Network Communication, so the data transfer between application server 130 and attaching position register 120 will not be stolen
Take.
Fig. 2 shows the block diagram of terminal unit 110 according to an aspect of the present invention, and Fig. 3 shows basis
The block diagram of the attaching position register 120 of an aspect of of the present present invention, and Fig. 4 shows according to the present invention's
The block diagram of the application server 130 of one side.
As shown in Fig. 2 terminal unit 110 may include response value computing module 111.Response value computing module
111 can be according to the ki value in sim card and arbitrary generating random number symbol response value.Similarly, as Fig. 3
Shown, attaching position register 120 may also comprise response value computing module 121, for according to ki value and
Arbitrary generating random number symbol response value.
As shown in Figures 2 and 3, terminal unit 110 and attaching position register 120 also can include respectively with
Machine number generator 114 and randomizer 122, for generating random number.
Before data encryption, application server 130 can send key request to attaching position register 120.
In response to this key request, the randomizer 122 of attaching position register 120 can generate a random number.
Response value computing module 121 can calculate the terminal unit based on storage in this random number and memorizer 123
The ki value of 110 sim card generates symbol response value.
In addition, the random number that this generates can be sent to terminal unit 110 by attaching position register 120.Eventually
The symbol response value computing module 111 of end equipment 110 can be based on the ki in this random number and itself sim card
Value generates symbol response value.
For example, symbol response value computing module 111 and symbol response value computing module 121 can be calculated based on a3
Method is calculating this symbol response value.Due to being identical for calculating the ki value of symbol response value and random number,
Therefore, terminal unit 110 can obtain consistent symbol response value with attaching position register 120.
Attaching position register 120, can be by Intranet by this symbol response after obtaining this symbol response value
The Subscriber Number of value and this sim card sends application server 130 to.Although illustrate only an end in accompanying drawing
End equipment 110, but in fact have numerous terminal units.Attaching position register 120 can phase Tongfang
Formula obtains the symbol response value corresponding with each terminal unit 110, and sends application server 130 to.By
This, application server 130 can safeguard in memorizer 138 the sim card user number of a real-time update with
The corresponding table of the last symbol response value.
After application server 130 obtains symbol response value, this symbol will be co-owned with terminal unit 110
Response value, thus can be used the encryption that this symbol response value is used for follow-up intercommunication.
In one embodiment, terminal unit 110 and application server 130 can be used this symbol response value conduct
Certification key carries out mutual legitimacy certification.
First, terminal unit 110 can certification backstage application server 130 legitimacy.This certification is
Main purpose is the request preventing illegal backstage from kidnapping certain terminal unit, to reach fishing type attack.
Now, the randomizer 114 of terminal unit 110 can be randomly generated a random number, and such as 8
The random number of byte, then, this random number is sent to application server 130.Application server 130 can
Including encrypting module 131.This encrypting module 131 can be used local symbol response value as key to reception
This random number of self terminal equipment 110 is encrypted, for example, carry out adding using 3des or aes AES
Close, to obtain such as 16 bytes ciphertext data.Ciphertext data after encryption passes back to terminal unit 110.
Terminal unit 110 may include deciphering module 113.This deciphering module 113 can be rung using local symbol
Should be worth and the ciphertext data receiving is decrypted, for example, be entered using correspondingly 3des or aes decipherment algorithm
Row deciphering.If after deciphering the data (randoms number of such as 8 bytes) that obtains be sent to application service before this
The random number of 8 bytes of device 130 is identical, then application server 130 is legal, authentication authorization and accounting success, otherwise,
Application server 130 is illegal, authentification failure.
Secondly, application server 130 can certification terminal unit 110 legitimacy.This certification is topmost
Purpose is to prevent illegal terminal unit from attacking backstage, to reach information stealth or black purpose.
Now, the randomizer 133 of application server 130 can be randomly generated a random number, for example
The random number of 8 bytes, then, this random number is sent to terminal unit 110.Terminal unit 110 can wrap
Include encrypting module 112.This encrypting module 112 can be used local symbol response value as key to being received from
This random number of application server 130 is encrypted, for example, carry out adding using 3des or aes AES
Close, to obtain such as 16 bytes ciphertext data.Ciphertext data after encryption passes back to application server
130.
Application server 130 may include deciphering module 132.This deciphering module 132 can be using local symbol
Response value is decrypted to the ciphertext data receiving, such as using correspondingly 3des or aes decipherment algorithm
It is decrypted.If after deciphering the data (randoms number of such as 8 bytes) that obtains be sent to terminal before this and set
The random number of standby 110 8 bytes is identical, then terminal unit 110 is legal, authentication authorization and accounting success, otherwise,
Terminal unit 110 is illegal, authentification failure.
Terminal unit 110 and application server 130, after mutual authentication is legal, can enter real business
Data exchange, return including service request, Business Processing return, transaction request, trading processing etc..Due to
Symbol response value in communication link may keep the long period, therefore in the data exchange of Business Processing
Can not symbolization response value itself as key, but using interim service conversation key.
If the complete procedure of any one Business Processing (is always started from session setup to shake hands letter every time
Breath, the followed by middle request of Business Processing several times and Business Processing return, and are finally that conversation end is shaken hands
Information) be defined as a service conversation, then terminal unit 110 and application server 130 can be each session
Using unique session key.
Correspondingly, after terminal unit 110 and application server 130 are mutually authenticated success, can use should
Symbol response value as female key to obtain sub-key, for use as the session key of session of both sides.As figure
Shown in 2 and Fig. 4, terminal unit 110 and application server 130 can include session-key computation module respectively
115 and 134, for being used symbol response value to obtain sub-key for use as both sides one as female key respectively
The session key of secondary session.
In one example, this session key is the sub-key being obtained by the dispersion of symbol response value, either eventually
End 110 or application server 130 can transmit a random number to ask to produce session key to other side,
Both sides are used as dispersion factor by this random number, are used symbol response value to obtain session as female cipher key calculation
Key.The data exchange of ensuing Business Processing uses this session key encryption and decryption, until this Business Processing
Till completing.
Specifically, terminal unit 110 can initiate this request.The randomizer 114 of such as terminal unit
A random number can be generated, session-key computation module 115 can be used this random number as dispersion factor to local
Symbol response value execution dispersion calculate to obtain this sub-key.In addition, terminal unit 110 can be random by this
Number is sent to application server 130 to ask to produce session key.Application server 130 receive this with
After machine number, session-key computation module 134 can be used this random number as dispersion factor, local symbol to be rung
Execution dispersion should be worth calculate to obtain this sub-key.Then, terminal unit 110 and application server 130 can
The session that this sub-key is used between the two.After this conversation end, before next session start, can
Adopt same flow process to obtain the session key for session next time.
In addition, application server 130 can initiate this request.The randomizer of such as application server
133 can generate a random number, and session-key computation module 134 can be used this random number as dispersion factor pair
Local symbol response value execution dispersion calculates to obtain this sub-key.In addition, application server 130 can be by
This random number is sent to terminal unit 110 to ask to produce session key.Terminal unit 110 is receiving this
After random number, session-key computation module 115 can be used this random number as dispersion factor to local symbol
Response value execution dispersion calculates to obtain this sub-key.Then, terminal unit 110 and application server 130
The session that this sub-key can be used between the two.After this conversation end, before next session start,
Same flow process can be adopted to obtain the session key for session next time.
On the other hand, using the sim card in terminal unit, it is terminal unit distribution unique identity,
The addressing to equipment for the achievable application platform.
Specifically, after terminal unit 110 start, attaching position register 120 can be by this terminal unit 110
Volume log-on message is sent to application server 130 by Intranet, and this log-on message includes sim card user number
Code.
Application server 130 may include ip address assignment module 135 and relating module 136.If terminal sets
Standby 110 are in networking state.Then the ip address assignment module 135 of application server 130 can be this terminal
Equipment 110 distributes a dynamic ip address, the dynamic ip address that this can be distributed by relating module 136 simultaneously
It is associated with sim card user number.In addition, application server 130 may include searching modul 137, it is used for
Associated dynamic ip address can be searched out according to the sim card user number of terminal unit 110, thus
Search this terminal unit 110, realize reversely addressing.If terminal unit 110 failed cluster, application service
Device 130 can send short-message instruction to terminal unit 110 by the sim card user number based on this terminal unit 110,
So that it is networked.After networking, it is possible to achieve above-mentioned reverse addressing function.
Due to having installed sim card on the terminal device additional, when the non-real-time interconnection of terminal unit, can pass through
Telephone number is reversely found and wake-up device, and in the case of solving current dynamically distributes ip address, equipment is not
Cannot find and connect the problem of equipment under networking situation.
Fig. 5 shows the block diagram of the encryption method 500 based on sim card according to an aspect of the present invention.
Shown in accompanying drawing, the method 500 can comprise the following steps that
Step 502: terminal unit and attaching position register are based respectively on the first random number and described sim card
In ki value calculate symbol response value.
This terminal unit can be furnished with sim card, the ki being stored with this attaching position register in this sim card
Value and.Especially, this attaching position register and this application server are in LAN, in other words, two
Person is in same Intranet, thus data transfer between the two is safe, will not be stolen.
In one example, first key request is sent to attaching position register from application server.In response to
This key request, attaching position register generates this first random number and sends terminal unit to.
Step 504: attaching position register sends symbol response value to application server by Intranet, from
And symbol response value is used by terminal unit and application server as encryption.
In one embodiment, terminal unit and application server can be used symbol response value to enter as certification key
The mutual legitimacy certification of row.
For example, application server can be random to receive self terminal equipment second using local symbol response value
Number is encrypted, and by the ciphertext data back after encryption to terminal unit.Then, terminal unit is using this
The symbol response value on ground is decrypted to the ciphertext data receiving self-application server, if the data that deciphering obtains
Identical with this second random number, then this application server of terminal device authentication is legal, otherwise for illegal.
Again for example, terminal unit can using local symbol response value to receive the 3rd of self-application server with
Machine number is encrypted, and by the ciphertext data back after encryption to application server.Then, application server
Using local symbol response value, the ciphertext data receiving self terminal equipment can be decrypted, if deciphering obtains
Data identical with the 3rd random number, then this terminal unit of application server certification is legal, otherwise for illegal.
Be mutually authenticated legal after, application server and terminal unit can be used symbol response value conduct respectively
Female key obtains the session key for use as session of both sides for the sub-key.
For example, terminal unit can generate the 5th random number and be used the 5th random number as dispersion factor to work
Symbol response value execution dispersion for female key calculates to obtain this sub-key.As the opposing party, application service
Device is used the 5th random number being received from terminal unit as dispersion factor, the symbol as female key to be rung
Execution dispersion calculating should be worth and also obtain this sub-key.
Or, the 6th random number is generated by application server and sixth random number is used as dispersion factor pair
Symbol response value execution dispersion as female key calculates to obtain sub-key.As the opposing party, terminal unit
It is used the 6th random number being received from application server as dispersion factor, the symbol as female key to be rung
Execution dispersion calculating should be worth and also obtain this sub-key.
In another embodiment, attaching position register can be by Intranet by the sim card user of terminal unit
Number sends application server to.Application server can distribute dynamic ip address should for this terminal unit
Dynamic ip address is associated with this sim card user number.Then, when terminal unit is networked, application clothes
Business device can be searched out the ip address matching and be searched this end based on the sim card user number of terminal unit
End equipment.If terminal unit failed cluster, application server can be based on sim card user number to terminal unit
Send short-message instruction so that terminal unit is networked.Reversely found and wake-up device by telephone number, solve
At present in the case of dynamically distributes ip address, in the case of equipment failed cluster, cannot find and connect the problem of equipment.
Although illustrate and be described as a series of actions for making explanation simplify said method, it should be understood that simultaneously
Understand, these methods are not limited by the order of action, because according to one or more embodiments, some actions
Can occur in different order and/or with from depicted and described herein or not shown herein and description but this
Skilled person may be appreciated other actions and concomitantly occurs.
It will be understood by those skilled in the art that information, signal data can use various different technologies and skill
In any technology and skill representing.For example, above description is quoted from the whole text data, instruction, order,
Information, signal, position (bit), code element and chip can be by voltage, electric current, electromagnetic wave, magnetic field or magnetic
Particle, light field or optical particle or its any combinations are representing.
Those skilled in the art will further appreciate that, to describe in conjunction with the embodiments described herein is various
Illustrative logic plate, module, circuit and algorithm steps can achieve for electronic hardware, computer software,
Or combination of the two.For clearly explaining this interchangeability of hardware and software, various illustrative components,
Frame, module, circuit and step are to make vague generalization description with its functional form above.Such work(
Property can be implemented as hardware or software depending on concrete application and the design constraint putting on total system.
Technical staff can realize described feature for every kind of application-specific with different modes, but such
Realize decision-making should not be interpreted to lead to departing from the scope of the present invention.
Various illustrative logic modules and circuit in conjunction with presently disclosed embodiment description can use general place
Reason device, digital signal processor (dsp), special IC (asic), field programmable gate array
(fpga) or other PLD, discrete door or transistor logic, discrete nextport hardware component NextPort,
Or it is designed to carry out any combinations of function described herein to realize or to execute.General processor can be
Microprocessor, but in alternative, this processor can be any conventional processor, controller, micro-
Controller or state machine.Processor is also implemented as the combination of computing device, such as dsp with micro-
The one or more microprocessors of the combination of processor, multi-microprocessor and dsp central cooperation or
Any other such configuration.
In conjunction with embodiment disclosed herein description method or algorithm step can be embodied directly in hardware, in by
Embody in the software module of computing device or in combination of the two.Software module can reside in ram
Memorizer, flash memory, rom memorizer, eprom memorizer, eeprom memorizer, depositor,
In hard disk, the storage medium of removable disk, cd-rom or any other form known in the art.
Exemplary storage medium is coupled to processor so that this processor can read from/to this storage medium and write
Information.In alternative, storage medium can be integrated into processor.Processor and storage medium can be stayed
Stay in asic.Asic can reside in user terminal.In alternative, processor and storage are situated between
Matter can be resident in the user terminal as discrete assembly.
In one or more exemplary embodiments, described function can hardware, software, firmware or its
Realize in any combinations.If being embodied as computer program in software, each function can be used as one
Bar or more a plurality of instruction or code storage on a computer-readable medium or mat its transmitted.Computer-readable
Medium includes computer-readable storage medium and communication media, and it includes facilitating computer program from a ground to another
Any medium of one ground transfer.Storage medium can be any usable medium that can be accessed by a computer.As
Example and non-limiting, such computer-readable medium may include ram, rom, eeprom, cd-rom
Other optical disc storage, disk storage or other magnetic storage apparatus or can be used to carry or store instruction or
The desirable program code of data structure form and any other medium that can be accessed by a computer.Any connection
It is properly termed a computer-readable medium.For example, if software be using coaxial cable, fiber optic cables,
The wireless skill of twisted-pair feeder, digital subscriber line (dsl) or such as infrared, radio and microwave etc
Art from web site, server or the transmission of other remote source, then this coaxial cable, fiber optic cables,
The wireless technology of twisted-pair feeder, dsl or such as infrared, radio and microwave etc is just included in Jie
Among the definition of matter.As used herein disk (disk) and dish (disc) inclusion compact disc (cd),
Laser disc, laser disc, digital versatile disc (dvd), floppy disk and blu-ray disc, which disk (disk) often with
The mode reproduce data of magnetic, and dish (disc) laser reproduce data optically.Combinations of the above
Should be included within the scope of computer readable media.
Of this disclosure being previously described is provided to be for so that any person skilled in the art all can make or make
Use the disclosure.Various modification of this disclosure all will be apparent from for a person skilled in the art, and
The generic principles defined herein can be applied to other variants without departing from the spirit of the disclosure or model
Enclose.Thus, the disclosure is not intended to be limited to example described herein and design, but should be awarded
Give the widest scope consistent with principle disclosed herein and novel features.
Claims (16)
1. a kind of encryption method based on sim card is it is adaptable to number between terminal unit and application server
According to communication, described terminal unit is furnished with sim card, and be stored with described attaching position register described sim
Ki value in card and being in LAN with described application server, methods described includes:
Described terminal unit and described attaching position register are based respectively on the first random number and described sim card
In ki value calculate symbol response value;And
Described attaching position register sends described symbol response value to described application server by Intranet,
Thus described symbol response value is used by described terminal unit and described application server as encryption.
2. encryption method as claimed in claim 1 is it is characterised in that also include:
Described terminal unit and described application server are used described symbol response value to carry out as certification key
Mutually legitimacy certification.
3. encryption method as claimed in claim 2 it is characterised in that described terminal unit and described should
It is used described symbol response value to carry out mutual legitimacy certification as certification key to include with server:
Described application server is using local described symbol response value to being received from the of described terminal unit
Two randoms number are encrypted, and the ciphertext data back after encryption is given described terminal unit, and
Described terminal unit is using local described symbol response value to being received from the close of described application server
Civilian data is decrypted, if the data that deciphering obtains is identical with described second random number, described terminal unit
Application server described in certification is legal, otherwise for illegal;And/or
Described terminal unit is using local described symbol response value to being received from the of described application server
Three randoms number are encrypted, and the ciphertext data back after encryption is given described application server, and
Described application server is using local described symbol response value to being received from the close of described terminal unit
Civilian data is decrypted, if the data that deciphering obtains is identical with described 3rd random number, described application service
Terminal unit described in device certification is legal, otherwise for illegal.
4. encryption method as claimed in claim 2 is it is characterised in that also include:
Be mutually authenticated legal after, described application server and described terminal unit are respectively using described symbol
Response value obtains the session key for use as session of both sides for the sub-key as female key.
5. encryption method as claimed in claim 4 is it is characterised in that described application server and described
Terminal unit is used described symbol response value to include as female key acquisition sub-key respectively:
Described terminal unit generates the 5th random number and is used described 5th random number as dispersion factor to work
Described symbol response value execution dispersion for female key calculates to obtain described sub-key, and
Described application server be used be received from described 5th random number of described terminal unit as dispersion because
Son calculates to the described symbol response value execution dispersion as female key to obtain described sub-key;Or
Described application server generates the 6th random number and described sixth random number is used as dispersion factor pair
Described symbol response value execution dispersion as female key calculates to obtain described sub-key, and
Described terminal unit be used be received from described 6th random number of described application server as dispersion because
Son calculates to the described symbol response value execution dispersion as female key to obtain described sub-key.
6. encryption method as claimed in claim 1 is it is characterised in that also include:
Described application server sends key request to described attaching position register;
In response to described key request, described attaching position register generates described first random number and sends to
Described terminal unit.
7. encryption method as claimed in claim 1 is it is characterised in that also include:
The sim card user number of described terminal unit is sent to by described attaching position register by Intranet
Described application server;
Described application server be described terminal unit distribute dynamic ip address and by described dynamic ip address and
Described sim card user number is associated;And
When described terminal unit is networked, the sim card based on described terminal unit for the described application server is used
Family number searches out associated dynamic ip address and searches described terminal unit.
8. method as claimed in claim 7 is it is characterised in that also include:
If described terminal unit failed cluster, described application server be based on described sim card user number to
Described terminal unit sends short-message instruction so that described terminal unit is networked.
9. a kind of encryption system based on sim card, comprising:
Terminal unit, described terminal unit is equipped with sim card, and includes symbol response value computing module;
Attaching position register, the ki value being stored with described attaching position register in described sim card,
And including response value computing module;And
Application server, described application server and described attaching position register are in same WLAN
Intranet in,
The symbol response value computing module of wherein said terminal unit and described attaching position register is used respectively
In calculating symbol response value based on the ki value in the first random number and described sim card, described homing position is posted
Storage sends described symbol response value to described application server by Intranet, thus described terminal unit and
Described symbol response value is used by described application server as encryption.
10. encryption system as claimed in claim 9 it is characterised in that described terminal unit and described should
It is used described symbol response value to carry out mutual legitimacy certification as certification key with server.
11. encryption systems as claimed in claim 10 it is characterised in that
Described application server includes encrypting module, for using local described symbol response value to reception
It is encrypted from the second random number of described terminal unit, the ciphertext data after encryption passes back to described terminal
Equipment,
Described terminal unit also includes deciphering module, for using local described symbol response value to reception
It is decrypted from the ciphertext data of described application server, if deciphering the data obtaining and described second random number
Identical, then application server described in described terminal device authentication is legal, otherwise for illegal;And/or
Described terminal unit includes encrypting module, for using local described symbol response value to being received from
3rd random number of described application server is encrypted, and the ciphertext data after encryption passes back to described application
Server,
Described application server also includes deciphering module, for using local described symbol response value docking
Receive and be decrypted from the ciphertext data of described terminal unit, if deciphering the data obtaining and described 3rd random number
Identical, then terminal unit described in described application server certification is legal, otherwise for illegal.
12. encryption systems as claimed in claim 10 are it is characterised in that described terminal unit and described
Application server respectively further comprises session-key computation module, for being made using described symbol response value respectively
Obtain the session key for use as session of both sides for the sub-key for female key.
13. encryption systems as claimed in claim 12 are it is characterised in that described terminal unit also includes
Randomizer, for generating the 5th random number, the session-key computation module of described terminal unit is used
Described symbol response value execution as female key is divided as dispersion factor in described 5th random number is used
Dissipate and calculate to obtain described sub-key, and
The session-key computation module of described application server is used for using the institute being received from described terminal unit
State the 5th random number as dispersion factor the described symbol response value execution dispersion as female key is calculated with
Obtain described sub-key;Or
Described application server also includes randomizer, for generating the 6th random number, described application
The session-key computation module of server is used for being used described 6th random number as dispersion factor to as mother
The described symbol response value execution dispersion of key calculates to obtain described sub-key, and
The session-key computation module of described terminal unit is used for using the institute being received from described application server
State the 6th random number as dispersion factor the described symbol response value execution dispersion as female key is calculated with
Obtain described sub-key.
14. encryption systems as claimed in claim 9 it is characterised in that described attaching position register also
Including randomizer, described in response to the key request from described application server, generating
First random number, to send described terminal unit to.
15. encryption systems as claimed in claim 9 are it is characterised in that described application server also includes:
Ip address assignment module, for distributing dynamic ip address for described terminal unit;
Associative cell module, for by described dynamic ip address be received from described attaching position register
The sim card user number of described terminal unit is associated;And
Searching modul, for searching out associated moving based on the sim card user number of described terminal unit
State ip address simultaneously searches described terminal unit.
If 16. encryption systems as claimed in claim 15 are not it is characterised in that described terminal unit joins
Net, then described application server be based on described sim card user number to described terminal unit send short-message instruction
So that described terminal unit networking.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510437255.9A CN106357595A (en) | 2015-07-23 | 2015-07-23 | Encryption method and encryption system based on SIM card |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510437255.9A CN106357595A (en) | 2015-07-23 | 2015-07-23 | Encryption method and encryption system based on SIM card |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106357595A true CN106357595A (en) | 2017-01-25 |
Family
ID=57842906
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510437255.9A Pending CN106357595A (en) | 2015-07-23 | 2015-07-23 | Encryption method and encryption system based on SIM card |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106357595A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112885175A (en) * | 2021-01-15 | 2021-06-01 | 杭州安恒信息安全技术有限公司 | Information security question generation method and device, electronic device and storage medium |
| CN115550913A (en) * | 2022-12-01 | 2022-12-30 | 北京紫光青藤微***有限公司 | Method and device for controlling NFC function, electronic equipment and storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1845600A (en) * | 2006-05-17 | 2006-10-11 | ***通信集团公司 | Method and system for realizing user key arrangement in mobile broadcast television service |
| CN1879445A (en) * | 2003-11-10 | 2006-12-13 | 高通股份有限公司 | Authentication of a wireless communication using expiration marker |
| CN1894996A (en) * | 2003-11-07 | 2007-01-10 | 高通股份有限公司 | Method and apparatus for authentication in wireless communications |
| CN1963835A (en) * | 2006-11-30 | 2007-05-16 | 大唐微电子技术有限公司 | Method and system of content protection |
| CN101079703A (en) * | 2006-05-23 | 2007-11-28 | 北京握奇数据***有限公司 | System and method for user ID card authentication via Internet |
| CN101621801A (en) * | 2009-08-11 | 2010-01-06 | 深圳华为通信技术有限公司 | Method, system, server and terminal for authenticating wireless local area network |
| CN103001771A (en) * | 2012-11-14 | 2013-03-27 | 广东电网公司电力科学研究院 | Data transmission security encryption method for metering automation system |
| US20140273965A1 (en) * | 2009-01-28 | 2014-09-18 | Headwater Partners I Llc | Automated credential porting for mobile devices |
-
2015
- 2015-07-23 CN CN201510437255.9A patent/CN106357595A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1894996A (en) * | 2003-11-07 | 2007-01-10 | 高通股份有限公司 | Method and apparatus for authentication in wireless communications |
| CN1879445A (en) * | 2003-11-10 | 2006-12-13 | 高通股份有限公司 | Authentication of a wireless communication using expiration marker |
| CN1845600A (en) * | 2006-05-17 | 2006-10-11 | ***通信集团公司 | Method and system for realizing user key arrangement in mobile broadcast television service |
| CN101079703A (en) * | 2006-05-23 | 2007-11-28 | 北京握奇数据***有限公司 | System and method for user ID card authentication via Internet |
| CN1963835A (en) * | 2006-11-30 | 2007-05-16 | 大唐微电子技术有限公司 | Method and system of content protection |
| US20140273965A1 (en) * | 2009-01-28 | 2014-09-18 | Headwater Partners I Llc | Automated credential porting for mobile devices |
| CN101621801A (en) * | 2009-08-11 | 2010-01-06 | 深圳华为通信技术有限公司 | Method, system, server and terminal for authenticating wireless local area network |
| CN103001771A (en) * | 2012-11-14 | 2013-03-27 | 广东电网公司电力科学研究院 | Data transmission security encryption method for metering automation system |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112885175A (en) * | 2021-01-15 | 2021-06-01 | 杭州安恒信息安全技术有限公司 | Information security question generation method and device, electronic device and storage medium |
| CN115550913A (en) * | 2022-12-01 | 2022-12-30 | 北京紫光青藤微***有限公司 | Method and device for controlling NFC function, electronic equipment and storage medium |
| CN115550913B (en) * | 2022-12-01 | 2023-02-24 | 北京紫光青藤微***有限公司 | Method and device for controlling NFC function, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Aman et al. | Mutual authentication in IoT systems using physical unclonable functions | |
| Chen et al. | Lightweight and provably secure user authentication with anonymity for the global mobility network | |
| Odelu et al. | SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms | |
| KR101485230B1 (en) | Secure multi-uim authentication and key exchange | |
| CN105491076B (en) | A kind of heterogeneous network end to end authentication key exchange method towards empty day Information Network | |
| WO2016161583A1 (en) | Gprs system key enhancement method, sgsn device, ue, hlr/hss and gprs system | |
| CN104754581A (en) | Public key password system based LTE wireless network security certification system | |
| CN110147666B (en) | Lightweight NFC identity authentication method in scene of Internet of things and Internet of things communication platform | |
| CN104756458A (en) | Method and apparatus for securing a connection in a communications network | |
| CN109787761A (en) | A kind of equipment certification and key distribution system and method based on physics unclonable function | |
| CN108964896B (en) | Kerberos identity authentication system and method based on group key pool | |
| CN102685749A (en) | Wireless safety authentication method orienting to mobile terminal | |
| CN109347626B (en) | Safety identity authentication method with anti-tracking characteristic | |
| TWI568234B (en) | Anonymity authentication method for global mobility networks | |
| CN108964895B (en) | User-to-User identity authentication system and method based on group key pool and improved Kerberos | |
| Park et al. | Inter-authentication and session key sharing procedure for secure M2M/IoT environment | |
| CN106789845A (en) | A kind of method of network data security transmission | |
| CN105162592B (en) | A kind of method and system of certification wearable device | |
| Badar et al. | Secure authentication protocol for home area network in smart grid-based smart cities | |
| Abbas et al. | PRISM: PRivacy-aware interest sharing and matching in mobile social networks | |
| CN106357595A (en) | Encryption method and encryption system based on SIM card | |
| KR101760376B1 (en) | Terminal and method for providing secure messenger service | |
| CN105743859B (en) | A kind of method, apparatus and system of light application certification | |
| Wu et al. | Efficient authentication for Internet of Things devices in information management systems | |
| CN102256252A (en) | Method for realizing safety model of access authentication in mobile internet |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 200083 B building, No. 420, Guang Zhong Road, Hongkou District, Shanghai Applicant after: Shanghai middle shift information technology Co., Ltd. Address before: 200083 B building, No. 420, Guang Zhong Road, Hongkou District, Shanghai Applicant before: SHANGHAI ZHONGYI COMMUNICATION TECHNOLOGY ENGINEERING CO., LTD. |
|
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170125 |